Announcing $100K Bug Bounty Program with Immunefi

In an endeavor to make Lido for Solana secure, we are partnering with Immunefi to deliver a $100,000 bug bounty program

Rishi Sidhu
Aug 30 · 4 min read

We are taking another step in making Lido for Solana more secure by announcing a bug bounty in partnership with Immunefi. To date, we have had two audits done on our source code. The first one has been done by Bramah Systems and the second one, which is ongoing at the moment, by Neodyme. This bug bounty is a step further in fortifying the security of Lido for Solana ahead of its launch in September.

The bounty amount of $100,000 could be soon revised to $2,000,000 if the proposal to bump it up gets accepted. The $2m proposal is getting voted upon and as of now has received 100% votes in favour of increasing the bounty. The voting is still open though and ends on the 1st of September.

About Immunefi

Rewards and Program Scope

Payouts are done in either ETH, DAI, RAI, or LDO

All the web app bug reports require an accompanying PoC in order to be considered for a reward. Payouts are handled by the Lido for Solana department of the Lido team directly and are denominated in USD. Payouts are done in either ETH, DAI, RAI, or LDO, as per the bug bounty hunter’s preference.

For a list of assets in scope please refer to the bug bounty page at Immunefi

Note: For researchers who want to start their research early, a development version is available at https://solana-dev.testnet.lido.fi/, but this devnet deployment is not in scope. Additionally, any web/app bugs not directly related to what is in the Assets in Scope table but relevant for lido.fi, should be submitted in their main bug bounty program, assuming it fulfills all other requirements.

About Lido for Solana

With a proposal to increase and expand Lido’s bug bounty program to $2m underway, it is clear the Lido DAO is very serious about maintaining the security of its projects.

Lido for Solana is going to be a very mission-critical project and consequently a lucrative target for attacks. We take security seriously and this bug bounty is an effort to battle-test our codebase. We encourage all white hats to participate in this program and be rewarded with handsome bounty amounts.

For applying to the bug bounty and for further information, please visit the Immunefi bug bounty page

About Chorus One

Website: https://chorus.one
Twitter: https://twitter.com/chorusone
Telegram: https://t.me/chorusone
Newsletter: https://substack.chorusone.com

Disclaimer

Our content is intended to be used and must be used for educational purposes only. It is not intended as legal, financial or investment advice and should not be construed or relied on as such. The information is general in nature and has not taken into account your personal financial position or objectives. Before making any commitment of financial nature you should seek advice from a qualified and registered financial or investment adviser. Chorus One does not recommend that any cryptocurrency should be bought, sold, or held by you. Any reference to past or potential performance is not, and should not be construed as, a recommendation or as a guarantee of any specific outcome or profit. Always remember to do your own research.

Chorus One

We offer staking and interoperability solutions for over 20 decentralized networks.